mirror of
https://github.com/community-scripts/ProxmoxVED.git
synced 2026-03-31 06:24:18 -04:00
Simplify APT retry logic and add insecure fallback
Replace the previous multi-step APT retry sequence (mirror swaps, sleeps, multiple retries) with a simpler fallback: on apt-get update failure disable Acquire::By-Hash, enable Acquire::AllowInsecureRepositories and attempt updates/installs using --allow-insecure-repositories/--allow-unauthenticated where needed. Restore secure settings and refresh lists afterwards, and preserve/propagate the original command exit status. Apply the same simplification in misc/build.func, misc/install.func and the Proxmox LXC cron updater (tools/pve/update-lxcs-cron.sh) to handle Debian repo desyncs more reliably and reduce complex retry logic.
This commit is contained in:
CanbiZ (MickLesk)
@@ -4601,52 +4601,20 @@ EOF'
|
||||
fi
|
||||
|
||||
pct exec "$CTID" -- bash -c "apt-get update >/dev/null 2>&1 && apt-get install -y sudo curl mc gnupg2 jq >/dev/null 2>&1" || {
|
||||
msg_warn "apt-get base packages failed, retrying with by-hash bypass and alternate mirror..."
|
||||
msg_warn "apt-get update failed, bypassing hash verification (Debian repo desync)..."
|
||||
pct exec "$CTID" -- bash -c '
|
||||
APT_BASE="sudo curl mc gnupg2 jq"
|
||||
apt_retry() {
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
apt-get update >/dev/null 2>&1 && apt-get install -y $APT_BASE >/dev/null 2>&1
|
||||
}
|
||||
|
||||
# Retry 1: Disable by-hash (stale CDN by-hash index)
|
||||
echo "Acquire::By-Hash \"no\";" >/etc/apt/apt.conf.d/99no-by-hash
|
||||
apt_retry && exit 0
|
||||
|
||||
# Retry 2: Switch to country mirror (may lag behind primary)
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[ -f "$src" ] && sed -i "s|deb.debian.org|ftp.de.debian.org|g" "$src"
|
||||
done
|
||||
apt_retry && exit 0
|
||||
|
||||
# Retry 3: Wait 30s for mirror sync, try original mirror
|
||||
sleep 30
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[ -f "$src" ] && sed -i "s|ftp.de.debian.org|deb.debian.org|g" "$src"
|
||||
done
|
||||
apt_retry && exit 0
|
||||
|
||||
# Retry 4: Temporarily allow hash mismatch (Release/Packages desync)
|
||||
echo "Acquire::AllowInsecureRepositories \"true\";" >>/etc/apt/apt.conf.d/99no-by-hash
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[ -f "$src" ] && sed -i "s|deb.debian.org|ftp.debian.org|g" "$src"
|
||||
done
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
if apt-get update --allow-insecure-repositories >/dev/null 2>&1; then
|
||||
apt-get update --allow-insecure-repositories >/dev/null 2>&1 && \
|
||||
apt-get install -y --allow-unauthenticated $APT_BASE >/dev/null 2>&1
|
||||
ret=$?
|
||||
# Restore secure settings immediately
|
||||
echo "Acquire::By-Hash \"no\";" >/etc/apt/apt.conf.d/99no-by-hash
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[ -f "$src" ] && sed -i "s|ftp.debian.org|deb.debian.org|g" "$src"
|
||||
done
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
apt-get update >/dev/null 2>&1 || true
|
||||
[ $ret -eq 0 ] && exit 0
|
||||
fi
|
||||
# Cleanup on failure
|
||||
ret=$?
|
||||
# Restore secure settings
|
||||
echo "Acquire::By-Hash \"no\";" >/etc/apt/apt.conf.d/99no-by-hash
|
||||
exit 1
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
apt-get update >/dev/null 2>&1 || true
|
||||
exit $ret
|
||||
' || {
|
||||
msg_error "apt-get base packages installation failed"
|
||||
exit 1
|
||||
|
||||
@@ -201,39 +201,15 @@ pkg_update() {
|
||||
case "$PKG_MANAGER" in
|
||||
apt)
|
||||
if ! $STD apt-get update; then
|
||||
msg_warn "apt-get update failed, retrying with by-hash bypass and alternate mirror..."
|
||||
msg_warn "apt-get update failed, bypassing hash verification (Debian repo desync)..."
|
||||
echo 'Acquire::By-Hash "no";' >/etc/apt/apt.conf.d/99no-by-hash
|
||||
echo 'Acquire::AllowInsecureRepositories "true";' >>/etc/apt/apt.conf.d/99no-by-hash
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
$STD apt-get update --allow-insecure-repositories
|
||||
# Restore secure settings
|
||||
echo 'Acquire::By-Hash "no";' >/etc/apt/apt.conf.d/99no-by-hash
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
if ! $STD apt-get update; then
|
||||
# Retry with country mirror
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[[ -f "$src" ]] && sed -i 's|deb.debian.org|ftp.de.debian.org|g' "$src"
|
||||
done
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
if ! $STD apt-get update; then
|
||||
# Wait for mirror sync, try original
|
||||
sleep 30
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[[ -f "$src" ]] && sed -i 's|ftp.de.debian.org|deb.debian.org|g' "$src"
|
||||
done
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
if ! $STD apt-get update; then
|
||||
# Last resort: temporarily allow insecure repos
|
||||
msg_warn "All mirrors have hash mismatch, temporarily relaxing APT verification..."
|
||||
echo 'Acquire::AllowInsecureRepositories "true";' >>/etc/apt/apt.conf.d/99no-by-hash
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[[ -f "$src" ]] && sed -i 's|deb.debian.org|ftp.debian.org|g' "$src"
|
||||
done
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
$STD apt-get update --allow-insecure-repositories
|
||||
# Restore secure settings immediately
|
||||
echo 'Acquire::By-Hash "no";' >/etc/apt/apt.conf.d/99no-by-hash
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[[ -f "$src" ]] && sed -i 's|ftp.debian.org|deb.debian.org|g' "$src"
|
||||
done
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
$STD apt-get update || true
|
||||
fi
|
||||
;;
|
||||
apk)
|
||||
|
||||
@@ -36,40 +36,15 @@ function update_container() {
|
||||
archlinux) pct exec "$container" -- bash -c "pacman -Syyu --noconfirm" ;;
|
||||
fedora | rocky | centos | alma) pct exec "$container" -- bash -c "dnf -y update && dnf -y upgrade" ;;
|
||||
ubuntu | debian | devuan) pct exec "$container" -- bash -c '
|
||||
apt_update_ok=false
|
||||
apt-get update && apt_update_ok=true
|
||||
if [ "$apt_update_ok" = false ]; then
|
||||
apt-get update || {
|
||||
echo "Acquire::By-Hash \"no\";" >/etc/apt/apt.conf.d/99no-by-hash
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
apt-get update && apt_update_ok=true
|
||||
fi
|
||||
if [ "$apt_update_ok" = false ]; then
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[ -f "$src" ] && sed -i "s|deb.debian.org|ftp.de.debian.org|g" "$src"
|
||||
done
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
apt-get update && apt_update_ok=true
|
||||
fi
|
||||
if [ "$apt_update_ok" = false ]; then
|
||||
sleep 30
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[ -f "$src" ] && sed -i "s|ftp.de.debian.org|deb.debian.org|g" "$src"
|
||||
done
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
apt-get update && apt_update_ok=true
|
||||
fi
|
||||
if [ "$apt_update_ok" = false ]; then
|
||||
echo "Acquire::AllowInsecureRepositories \"true\";" >>/etc/apt/apt.conf.d/99no-by-hash
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[ -f "$src" ] && sed -i "s|deb.debian.org|ftp.debian.org|g" "$src"
|
||||
done
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
apt-get update --allow-insecure-repositories
|
||||
echo "Acquire::By-Hash \"no\";" >/etc/apt/apt.conf.d/99no-by-hash
|
||||
for src in /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list; do
|
||||
[ -f "$src" ] && sed -i "s|ftp.debian.org|deb.debian.org|g" "$src"
|
||||
done
|
||||
fi
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
apt-get update || true
|
||||
}
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confold" dist-upgrade -y
|
||||
rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED' ;;
|
||||
opensuse) pct exec "$container" -- bash -c "zypper ref && zypper --non-interactive dup" ;;
|
||||
|
||||
Reference in New Issue
Block a user